Bug 1614939

Summary: CVE-2018-14526 wpa_supplicant: Unauthenticated EAPOL-Key decryption in wpa_supplicant [fedora-all]
Product: [Fedora] Fedora Reporter: Davide Caratti <dcaratti>
Component: wpa_supplicantAssignee: Davide Caratti <dcaratti>
Status: CLOSED ERRATA QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: medium Docs Contact:
Priority: medium    
Version: 28CC: bgalvani, blueowl, dcaratti, dcbw, john.j5live, lkundrak
Target Milestone: ---Keywords: Security, SecurityTracking
Target Release: ---   
Hardware: All   
OS: Linux   
URL: https://w1.fi/security/2018-1/
Whiteboard:
Fixed In Version: wpa_supplicant-2.6-17.fc28 wpa_supplicant-2.6-14.fc27 Doc Type: Release Note
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2018-08-16 08:06:27 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1614520    

Description Davide Caratti 2018-08-10 19:32:05 UTC 
a vulnerability in RX EAPOL processing has been recently detected.
Comment 1 Fedora Update System 2018-08-10 19:40:21 UTC 
wpa_supplicant-2.6-14.fc27 has been submitted as an update to Fedora 27. https://bodhi.fedoraproject.org/updates/FEDORA-2018-c43c1ee06f
Comment 2 Fedora Update System 2018-08-10 19:40:28 UTC 
wpa_supplicant-2.6-17.fc28 has been submitted as an update to Fedora 28. https://bodhi.fedoraproject.org/updates/FEDORA-2018-41dfadd21a
Comment 3 Fedora Update System 2018-08-14 20:35:40 UTC 
wpa_supplicant-2.6-14.fc27 has been pushed to the Fedora 27 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2018-c43c1ee06f
Comment 4 Fedora Update System 2018-08-14 22:40:41 UTC 
wpa_supplicant-2.6-17.fc28 has been pushed to the Fedora 28 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2018-41dfadd21a
Comment 5 Fedora Update System 2018-08-16 08:06:27 UTC 
wpa_supplicant-2.6-17.fc28 has been pushed to the Fedora 28 stable repository. If problems still persist, please make note of it in this bug report.
Comment 6 Fedora Update System 2018-08-23 09:43:40 UTC 
wpa_supplicant-2.6-14.fc27 has been pushed to the Fedora 27 stable repository. If problems still persist, please make note of it in this bug report.